Release date: July 7th 2022
Welcome to my Microsoft Tips & Tricks section. In this session I will describe how I setup and configured Office Container using FSLogix. This effort was initially triggered by the need for roaming Office 365 log in and activation when using VMware Horizon Instant Clones. Using FSLogix to roam certain parts of the users’ settings is both effortless and simple. It can be used both in public cloud and on-prem setups. The FSLogix Container architecture consist of the following components:
- The FSLogix agent – an agent that provides all functionality. The agent is either installed in a physical PC, a virtual desktop or in a master image. I will be using v. 2.9.8228.50276, not the newest available v. 2.9.8361.52326, as this new version has had problems with roaming the Office 365 credentials etc, ref: Known Issues
- Group Policy – a centralized configuration with existing infrastructure
- Shared storage – host FSLogix Containers on standard SMB-based storage, this can be on a Windows Server or natively by an existing storage solution. Make sure to match SMB versions between clients and server for best performance.
The setup is done by completing the steps below.
- Configure storage for Office 365 Containers
- Configure GPO Settings
- Install FSLogix agent into my Horizon golden image
Configure Storage for Office Containers
According to MS documentation, the permissions should be set up as show below:
I will start out by configuring the Share-settings by clicking Advanced Sharing
I provide a share name and click Permissions
Next, adjust the Share Permissions. I will leave Everyone with Change permissions as a bare minimum.
Next, I configure the Security settings, click Advanced
First, I Disable inheritance.
Convert inherited permissions…..
Next, I Remove unnecessary groups
I can now Add a User Group and set the correct permissions
I make sure to adjust these permissions to only apply to “This folder only“
Finally, I modify the CREATOR OWNER’s permissions, from Full control to Modify.
With the permission set up as pr. Microsoft’s documentation, I click OK
Configure GPO Settings
To configure the FSLogix Apps agent, I will be using a GPO in Active Directory. When you download FSLogixApps, it comes with the necessary admx and adml files which I add to my Policy Definitions folder under SYSVOL.
Navigate to the “Computer Configuration – Policies – Administrative Templates – FSLogix” folder.
Enable the “Enable search roaming” setting, OK
Navigate to the “Computer Configuration – Policies – Administrative Templates – FSLogix – Office 365 Containers” folder.
I configure the settings as shown to the right below
When the FSLogix agent is installed, local groups are created to enable the inclusion or exclusion of users for Profile Containers and Office 365 Containers. These local groups are:
- Profile Container Groups
- FSLogix Profile Include List
- FSLogix Profile Exclude List
- Office Container Groups
- FSLogix ODFC Include List
- FSLogix ODFC Exclude List
FSLogix, by default include the group Everyone, which will enable Containers for administrator accounts as well. To adjust this, I navigate to “Computer Configuration – Preferences – Control Panel Settings – Local Users and Groups” and create a new local group named “FSLogix ODFC Include List”, and add my User Group from AD. I make sure to check the boxes to delete existing users and groups.
Install FSLogix Apps
Below, I will show first a manual installation, after that, how I will be doing the installation using my MDT solution. To install FSLogix Apps in my VDI’s, I first have to download this. The latest version of FSLogix is available for download here: https://aka.ms/fslogix-latest
Once downloaded, I extract the zip-file and launch the FSLogixAppsSetup executable.
To verify the install settings, I click Options
The install location looks good, OK
I Agree to the License Terms and click Install
Once the setup completes successful, I click Close
As per MS documentation, FSLogix Apps supports silent installation with the parameters show below:
In MDT Workbench I add the FSLogix Apps Agent to the Applications repository, as shown below.
As pr. the Microsoft documentation, I add the unattended installation switches “/install” and “quite”
Update: Using the “/quiet” switch doesn’t work, so after a little investigation, I found that the correct switch was “/passive“
Finally I add this to my Task Sequence and do a push of this new image to test this.
When my user logs in, I can see that a folder is automatically created and a VHD-file is created for this user. When I adjust settings in Office inside the VDI’s, these settings are also correctly roamed.
Log-File location: %PROGRAMDATA%\FSLogix\Logs\ODFC
Official Microsoft Documentation about this topic:
Configure storage permissions for use with Profile Containers and Office Containers
Configure Office Container to redirect Microsoft Office user data
Microsoft Tips & Tricks section
Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.
For permissions, afaik, the most restrictive setting wind. So, with a Read permission for everyone on the share, users won’t be able to write in the share.
Hello, nicely spotted, have corrected the mistake now. Thanks!